General Data Protection Regulation (GDPR) Policy
The General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, requires that you be given transparent, clear, and concise information when your personal data is collected.
The purpose of this policy is to inform you about the processing of personal data carried out by the association lille3000.
I) Identity of the Data Controller
The personal data collected is processed by the association LILLE3000 as the data controller. The complete contact details of the organization are:
- Organization name: ASSOCIATION LILLE3000
- Legal representative: Mr. Thierry LANDRON
- Mailing address: 105 Centre Euralille, 59777 LILLE
- Phone number: +33 3 28 52 30 00
- Email address: elisabeth.touzet@lille3000.com
The establishment’s Data Protection Officer is:
- Organization name: ACS RGPD – BAUDE DATA PROTECTION
- Legal representative: Mr. Pierre-Antoine BAUDE
- Mailing address: 7 bis Rue du Virval, 62100 CALAIS
- Phone number: +33 6 69 98 33 48
- Email address: pa.baude@baudedataprotection.com
II) Data Processing, Purposes, and Legal Bases
A. Management of Cultural and Artistic Activities
Target audience: General public
Personal data collected is used and stored for:
- Event and exhibition production
- Communications related to these events and exhibitions
The legal basis for this processing is the legitimate interest of the organization (Article 6-f of the GDPR), justified by the need to organize cultural and artistic activities.
Collected data:
- Identity data: name, first name, email address, phone number.
B. Accounting Management
Target audience: Clients, suppliers
Personal data collected is used and stored for:
- Preparing the organization’s financial statements
- Budget management
- Managing subsidies
- Creating summaries
The legal basis for this processing is compliance with a legal obligation (Article 6-c of the GDPR).
Collected data:
- Identity data: name, first name, professional contact details (email, phone number, postal address)
- Financial and economic data: bank account details (for suppliers).
C. Supplier Management
Target audience: Suppliers
Personal data collected is used and stored for:
- Managing suppliers (orders, reception, service or goods delivery, invoices, payments)
The legal basis for this processing is the performance of a contract (Article 6-b of the GDPR).
Collected data:
- Identity data: name, first name, professional contact details (email, phone number, postal address)
- Financial and economic data: bank account details.
D. Ticketing Management
Target audience: Clients
Personal data collected is used and stored for:
- Ticket sales
- Public reception
- Public information
- Refund management
- Producing statistics and conducting surveys
The legal bases for this processing are the performance of a contract (Article 6-b of the GDPR) and the legitimate interest of the organization (Article 6-f of the GDPR), justified by the need to improve the quality of services provided.
Collected data:
- Identity data: name, first name, postal code, email address, phone number
- Economic and financial data: supporting documents for reduced fare validation (immediate deletion), disability status (if applicable). No storage of credit card numbers.
E. Client Management
Target audience: Clients
Personal data collected is used and stored for:
- Managing clients (orders, service or goods delivery, invoices, payments)
The legal basis for this processing is the performance of a contract (Article 6-b of the GDPR).
Collected data:
- Identity data: name, first name, professional/personal contact details (email, phone number, postal address).
F. Equipment Lending Management
Target audience: Other organizations
Personal data collected is used and stored for:
- Managing equipment loans
- Managing equipment insurance
The legal bases for this processing are the performance of a contract (Article 6-b of the GDPR) and the legitimate interest of the organization (Article 6-f of the GDPR), justified by the need to monitor equipment usage.
Collected data:
- Identity data: name, first name, phone number, email address, equipment description, equipment value.
G. Artwork Management
Target audience: Artists
Personal data collected is used and stored for:
- Managing artwork loans
- Managing artwork insurance
The legal bases for this processing are the performance of a contract (Article 6-b of the GDPR) and the legitimate interest of the organization (Article 6-f of the GDPR), justified by the need to oversee artwork loans.
Collected data:
- Identity data: name, first name, email address, phone number, artwork description, artwork value.
III) Newsletter Management
Target audience: General public
Personal data collected is used and stored for:
- Sending newsletters and information about events.
The legal basis for this processing is the explicit consent of the data subject (Article 6-a of the GDPR).
Collected data:
- Identity data: email address.
IV) VIP File Management
Target audience: Guests invited to events
Personal data collected is used and stored for:
- Sending invitations to events
- Managing guest attendance
The legal basis for this processing is the legitimate interest of the organization (Article 6-f of the GDPR), justified by the need to organize VIP events.
Collected data:
- Identity data: name, first name, email address, phone number.
V) Contest Management
Target audience: Contest participants
Personal data collected is used and stored for:
- Organizing contests
- Awarding prizes to winners
The legal basis for this processing is the explicit consent of the data subject (Article 6-a of the GDPR).
Collected data:
- Identity data: name, first name, email address, phone number, postal address.
VI) Website Management
Target audience: Website users
Personal data collected is used and stored for:
- Analyzing site traffic and audience measurement
The legal basis for this processing is the explicit consent of the data subject (Article 6-a of the GDPR).
Collected data:
- Cookies and trackers: IP address, browser type, operating system, browsing history.
Retention Periods
Personal data is stored only for the time necessary to fulfill the purposes described above and in compliance with applicable laws. The retention periods are as follows:
- Accounting data: 10 years
- Supplier and client management data: Duration of the contractual relationship + 3 years
- Newsletter and marketing data: Until consent is withdrawn
- Website data (cookies): Depending on the type of cookie, up to 13 months
After these periods, data is securely deleted or anonymized.
Security Measures
Lille3000 implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data. These measures include:
- Regular security audits
- Access control and authentication mechanisms
- Data encryption
Data Subject Rights
You have the following rights under the GDPR regarding your personal data:
- Right of access: Obtain a copy of your data.
- Right to rectification: Correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”): Delete your data, under certain conditions.
- Right to restrict processing: Limit the use of your data, under certain conditions.
- Right to data portability: Receive your data in a machine-readable format.
- Right to object: Object to the processing of your data for specific reasons.
To exercise these rights, contact:
- Email: elisabeth.touzet@lille3000.com
- Phone: +33 3 28 52 30 00
You also have the right to file a complaint with the French Data Protection Authority (CNIL).
Data Transfers Outside the EU
Lille3000 does not transfer personal data outside the European Union.
Updates to This Policy
This policy may be updated periodically to reflect changes in legal requirements or processing practices. The latest version will always be available on our website.